Security update for xorg-x11-server SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2371-1 Final 1 1 2022-07-12T13:24:41Z current 2022-07-12T13:24:41Z 2022-07-12T13:24:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-server This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179). - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-2371,SUSE-SLE-Product-HPC-15-2022-2371,SUSE-SLE-Product-SLES-15-2022-2371,SUSE-SLE-Product-SLES_SAP-15-2022-2371 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222371-1/ Link for SUSE-SU-2022:2371-1 https://lists.suse.com/pipermail/sle-security-updates/2022-July/011515.html E-Mail link for SUSE-SU-2022:2371-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1194179 SUSE Bug 1194179 https://bugzilla.suse.com/1194181 SUSE Bug 1194181 https://www.suse.com/security/cve/CVE-2022-2319/ SUSE CVE CVE-2022-2319 page https://www.suse.com/security/cve/CVE-2022-2320/ SUSE CVE CVE-2022-2320 page SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 xorg-x11-server-1.19.6-150000.8.39.1 xorg-x11-server-extra-1.19.6-150000.8.39.1 xorg-x11-server-sdk-1.19.6-150000.8.39.1 xorg-x11-server-source-1.19.6-150000.8.39.1 xorg-x11-server-wayland-1.19.6-150000.8.39.1 xorg-x11-server-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS xorg-x11-server-extra-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS xorg-x11-server-sdk-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS xorg-x11-server-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS xorg-x11-server-extra-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS xorg-x11-server-sdk-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS xorg-x11-server-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise Server 15-LTSS xorg-x11-server-extra-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise Server 15-LTSS xorg-x11-server-sdk-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise Server 15-LTSS xorg-x11-server-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 xorg-x11-server-extra-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 xorg-x11-server-sdk-1.19.6-150000.8.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. CVE-2022-2319 SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-1.19.6-150000.8.39.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-extra-1.19.6-150000.8.39.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-sdk-1.19.6-150000.8.39.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:xorg-x11-server-1.19.6-150000.8.39.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:xorg-x11-server-extra-1.19.6-150000.8.39.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:xorg-x11-server-sdk-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server 15-LTSS:xorg-x11-server-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server 15-LTSS:xorg-x11-server-extra-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server 15-LTSS:xorg-x11-server-sdk-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server for SAP Applications 15:xorg-x11-server-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server for SAP Applications 15:xorg-x11-server-extra-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server for SAP Applications 15:xorg-x11-server-sdk-1.19.6-150000.8.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222371-1/ https://www.suse.com/security/cve/CVE-2022-2319.html CVE-2022-2319 https://bugzilla.suse.com/1194179 SUSE Bug 1194179 https://bugzilla.suse.com/1204093 SUSE Bug 1204093 https://bugzilla.suse.com/1205071 SUSE Bug 1205071 https://bugzilla.suse.com/1206243 SUSE Bug 1206243 A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. CVE-2022-2320 SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-1.19.6-150000.8.39.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-extra-1.19.6-150000.8.39.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-sdk-1.19.6-150000.8.39.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:xorg-x11-server-1.19.6-150000.8.39.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:xorg-x11-server-extra-1.19.6-150000.8.39.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:xorg-x11-server-sdk-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server 15-LTSS:xorg-x11-server-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server 15-LTSS:xorg-x11-server-extra-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server 15-LTSS:xorg-x11-server-sdk-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server for SAP Applications 15:xorg-x11-server-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server for SAP Applications 15:xorg-x11-server-extra-1.19.6-150000.8.39.1 SUSE Linux Enterprise Server for SAP Applications 15:xorg-x11-server-sdk-1.19.6-150000.8.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222371-1/ https://www.suse.com/security/cve/CVE-2022-2320.html CVE-2022-2320 https://bugzilla.suse.com/1194181 SUSE Bug 1194181 https://bugzilla.suse.com/1201793 SUSE Bug 1201793 https://bugzilla.suse.com/1204123 SUSE Bug 1204123 https://bugzilla.suse.com/1205071 SUSE Bug 1205071